SecurityScorecard
SecurityScorecardExternal reviews
98 reviews
from
and
External reviews are not included in the AWS star rating for the product.
The tool is really helful to know the security status of a company , data breaches and data issues
What do you like best about the product?
The best part is that post you know the issues & breaches of a company, you can invite them to get remediation. You can help them improve
What do you dislike about the product?
The process of adding companies to portfolio need a little improvement. Sometimes the weblink inside the company does not open up. Also sometime the tool is little slow
What problems is the product solving and how is that benefiting you?
Sending Questionnaire and assessment questions is really awesome.
Help in improving security scores of companies
Help in improving security scores of companies
Recommendations to others considering the product:
This tool is really helful as it covers different domains related to information security and very helpful to improve the score/grade of a company
Excellent tool and service behind
What do you like best about the product?
The Security Scorecard offers us what we need in terms of continuous assessment of the external network vulnerabilities tests. The webUI is user-friendly and built in a logical format, very easy to use and dig for information on it.
What do you dislike about the product?
There is no user option to re-launch the test, so you get confirmation that your fix really works. Claiming a fixed issue takes some time and a ticket to Security ScoreCard Support to validate it. Also, the propagation of the fix may take some time, before it gets reflected on the organization's score.
What problems is the product solving and how is that benefiting you?
We have a full picture of our organization's exposure on the public domain. Getting this "big picture" for the entire IP space helps us prioritize the mitigation actions and the maintenance windows for our external hosts. Also, having the issues summarized, explained, and the solution suggested for any problem that came out of scans, it's really helpful.
Recommendations to others considering the product:
Try it. Ask for a demo.
The sucess behind SSC is its people
What do you like best about the product?
Many times you buy a security tool and after a short onboarding period, you are on your own. The experience with SSC has been the opposite. They were there and continue to be there for us. From the sales, to support, to continuous customer care, the experience has been outstanding. SSC stands behind its product and is ready and able to engage whenever we bring our third parties to the table or have any questions. They have been very responsive to our needs (e.g. training, deployment, questions by internal teams and third parties, open to feedback, etc.) The tool is helping us assess a large number of third parties that we are discovering.
What do you dislike about the product?
Does not have enough capabilities yet to gain insight on how the tool is being used within the organization.
What problems is the product solving and how is that benefiting you?
Rapid assessment and prioritization of third parties that are popping up as part of a discovery process. It is enabling us to become more agile and have more intelligent and fact-supported conversations with our third parties.
Outstanding new perspective on third party risk.
What do you like best about the product?
The SecurityScorecard platform provides insights that an organization would otherwise not have related to security. Understanding where critical risks may exist dramatically reduces the risk posture of the third party population through coordinated remediation requests and efforts.
What do you dislike about the product?
The only downside to the use of he platform, and it is a very minor negative, would be the inability to create very granular alerts within the platform. The current alerting, while extremely beneficial, does require a little research after a notification is received to understand the underlying problem.
What problems is the product solving and how is that benefiting you?
Through the use of the multiple API endpoints, performing periodic checks for public breaches across the vendor population has been completely automated. Additionally, the alert capabilities provides great insight into pressing issues that a vendor's attention should be focused on for remediation purposes to reduce their inherent risk.
Recommendations to others considering the product:
It is highly recommended to explore the options available to the end user through the vast array of API endpoints. Detailed information can be obtained and parsed through scripting and automation. The remediation support that the SecurityScorecard team provides through their validation efforts is also top notch. The customer success managers work alongside you throughout both the implementation and training process as well as navigating the ongoing usage of the platform.
Best bang for the Buck in SecurityScore space
What do you like best about the product?
We use SecurityScorecard in a variety of ways; 1) watching ourselves to ensure our Internet footprint secure & following best practices, 2) as part of 3rd party security reviews/approvals of new vendors/SaaS, etc., and 3) Industry benchmarking & Board reporting. 4) We're just beginning to look at corporate spend & map that back to a SecurityScore-based heatmap for a more corporate view. Also, the ability to quickly add previously unscored companies is a great feature.
What do you dislike about the product?
Biggest thing to me is around the lack of email notifications when user-initiatied 'offline/adhoc' processes are requested, which today requires the requestor to remember and go back & check, like: 1) requesting a new company be reviewed, which generally takes 3-5 days, 2) when security score reports have been requested, etc. Improving here would greatly improve the user experience.
What problems is the product solving and how is that benefiting you?
We're in our 2nd full year of use, and improved our overall score from 73-C to 98-A. SecurityScorecard has brought to light several best practices that weren't being followed (especially around Email security & DNS (SPF/DKIM), SSL best practices, as well as, garbage collection, not to mention keeping tabs on a sprawling web presence. While it was a tremendous amount of work to clean up the environment, it's now relatively easy to keep clean, enabling us to see a drastic reduction in the number of successful web attacks, as well as, increasing the effectiveness of the advanced security capability of our email filtering capability, resulting in reductions in the number of actual phish in users' mailboxes.
Recommendations to others considering the product:
The biggest value to us is the continuous monitoring of ourselves, and taking action on score changes. From my perspective, continuous monitoring of 3rd parties hasn't been all that valuable to date - we found we didn't do anything with the alerts. We're looking into integration with ServiceNow to enhance the approval process vs. being disjointed today - hope is to streamline the process.
Best 3rd party vendor management tool for the money
What do you like best about the product?
I am able to review our vendors in real time to frameworks such as PCI, HIPAA and many more. We had a vendor say they were HIPAA compliant and I was able to show them they were not according to security scorecard
What do you dislike about the product?
They make so many improvements to the product at this point it would only be nitpicking
What problems is the product solving and how is that benefiting you?
We are able to watch our vendors and make informed decisions on new vendors.
Recommendations to others considering the product:
Start off with 5 vendors. You can switch them up on a daily basis. If you need more then you can buy more later.
SS helps me do my job
What do you like best about the product?
Easy to understand rating system. Evaluation against industry peers.
What do you dislike about the product?
Not every vendor has a ScoreCard available
What problems is the product solving and how is that benefiting you?
Used to evaluate vendors and third party risk
Rich Risk Information in a Clean GUI
What do you like best about the product?
I appreciate the way Security Scorecard brings together publically available risk information and provides an initial risk analysis. The GUI interface makes it easy to drill deeper into areas of interest and the Historical trending allows you to materialize risk reduction. The ability to invite vendors to see their scorecard is a nice touch combined with allowing the customer to question, refute, or resolve any identified vulnerability.
What do you dislike about the product?
The tool does a great job at managing a vendor with a wealth of information but lacks tools to effectively and efficiently manage entire portfolios of hundreds of vendors. There are few options to bubble to the surface highest risk issues across and entire portfolio and recently identified and posted vulnerabilities so that risk mitigation efforts can begin. The Breach Insight feature is lacking in credibility and effectiveness. The lack of CVE numbers & CVSS security ratings can led to subjective opinion of risk by Security Scorecard versus the collaborative\standard presented by a CVE\CVSS.
What problems is the product solving and how is that benefiting you?
Currently we are monitoring 1000+ third parties identifying the worst performing companies overall as well as within specific risk areas or specific vulnerabilities. Once alerted or identified then proactive efforts are taken to verify the potential vulnerability and work with the third party to mitigate. We are also leveraging the breach\incident alerts to review potential impact and risk exposure and liabilities.
showing 31 - 38